-2

在下面的代码中,我运行了两个查询,一个是从数据库中提取用户的名字和姓氏,另一个是写入数据库中同一条目中的不同字段。第一个查询没有产生任何结果(如果我取消注释 $rowCount 行和下面的行,脚本将在 100% 的时间中中止)。第二个查询完美运行。

任何人都有关于为什么的理论?

$db = new mysqli($db_host, $db_user, $db_pass, $db_name, $db_port);

$user = get_post_var('email');
$user = preg_replace('/[^A-Za-z0-9@._-]/', '', $user);
$code = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);

($stmt = $db->prepare('select first, last from users where user = ?'));
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->bind_result($first,$last);
//$rowCount = mysqli_num_rows($stmt); 
//if($rowCount == 0) { fail("19","forgot"); } else {}
$stmt->close();

($stmt = $db->prepare('update users set reset = ? where user = ?'));
$stmt->bind_param('ss', $code, $user);
$stmt->execute();
$stmt->close();

mail( "$user", "Example.org Password Reset Code", "Dear $first $last,\n\n Please visit the following url to reset your password:\n http://www.example.org/reset.php?c=$code\n\nSincerely,\nSender", "From: noreply@example.org" );
fail('18',"forgot");

$db->close();
4

1 回答 1

0

为了num_rows在准备好的语句上使用,您需要先调用store_result

该手册也提到了上述内容。

这是一个简单的例子:

<?php
// Your database info
$db_host = 'localhost';
$db_user = '';
$db_pass = '';
$db_name = '';
$code = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);

if (!isset($_POST['email']))
{
    die('Please fill in the email field.');
}

if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
    die('Invalid email address');
}

$con = new mysqli($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
    die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}

$sql = "SELECT first, last FROM users WHERE user = ?";
if (!$result = $con->prepare($sql))
{
    die('Query failed: (' . $con->errno . ') ' . $con->error);
}

if (!$result->bind_param('s', $_POST['email']))
{
    die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}

if (!$result->execute())
{
    die('Execute failed: (' . $result->errno . ') ' . $result->error);
}

$result->store_result();
if ($result->num_rows == 0)
{
    die('No username found...');
}

$result->bind_result($first, $last);
$result->fetch();

// After using fetch, we can print the data
echo $first, " => ", $last;

$result->close();

$update = 'UPDATE users SET reset = ? WHERE user = ?';
if (!$stmt = $con->prepare($update))
{
    die('Update query failed: (' . $con->errno . ') ' . $con->error);
}

if (!$stmt->bind_param('ss', $code, $_POST['email']))
{
    die('Update binding parameters failed: (' . $stmt->errno . ') ' . $stmt->error);
}

if (!$stmt->execute())
{
    die('Update execute failed: (' . $stmt->errno . ') ' . $stmt->error);
}

$stmt->close();
$con->close();

if (mail($_POST['email'], "Example.org Password Reset Code", "Dear $first $last,\n\n Please visit the following url to reset your password:\n http://www.example.org/reset.php?c=$code\n\nSincerely,\nSender", "From: noreply@example.org"))
{
    echo "Email sent";
}
else
{
    echo "Failed to send email";
}
于 2013-08-31T01:32:50.253 回答